From 136178de75ac2de8b352a167cd70d1d5c1f8fe4f Mon Sep 17 00:00:00 2001 From: Sasi Olin Date: Jun 14 2022 14:56:42 +0000 Subject: Small fixes to matrix formula and config --- diff --git a/pillar/role/matrix.sls b/pillar/role/matrix.sls index 43ddc50..207de0e 100644 --- a/pillar/role/matrix.sls +++ b/pillar/role/matrix.sls @@ -139,10 +139,10 @@ profile: build: True script: /usr/bin/node build/src/discordas.js -c config.yaml -f discord-registration.yaml -p 9001 webhook: - repo: https://github.com/turt2live/matrix-appservice-webhooks.git + repo: https://github.com/matrix-org/matrix-hookshot.git appservice_id: f4de7550133374c703c4cd64c5898cf1b82b65d4a5c2aca93863ee1fb859df91 - build: False - script: /usr/bin/node index.js -c config.yaml -f webhook-registration.yaml -p 9002 + build: True + script: /usr/bin/node App/BridgeApp.js config.yaml webhook-registration.yaml telegram: appservice_id: oepzkscngbyqvopzn773ns7whfxyfslgjhy7mumy7syurqp3f4kvb4sgufz9nfsw api_id: 1331253 @@ -158,7 +158,7 @@ nginx: - listen: - 80 - default_server - - root: /usr/share/element-web + - root: /usr/share/webapps/element - gzip_vary: 'on' - gzip_min_length: 1000 - gzip_comp_level: 5 @@ -221,7 +221,7 @@ nginx: - return: 301 https://chat.opensuse.org - location ~ "/..*": - proxy_set_header: X-Forwarded-For $remote_addr - - proxy_pass: http://localhost:9002 + - proxy_pass: http://localhost:9005 enabled: True sudoers: diff --git a/pillar/secrets/role/matrix.sls b/pillar/secrets/role/matrix.sls index d1c7e7f..ab71611 100644 --- a/pillar/secrets/role/matrix.sls +++ b/pillar/secrets/role/matrix.sls 
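Review bot: The new `repo: https://github.com/matrix-org/matrix-hookshot.git` entry in the webhook hunk is paired with `build: True`, and nothing visible here pins a tag or commit. Each build would therefore take whatever the upstream default branch holds at that moment. The state that consumes `repo` is outside this hunk, so whether it accepts a revision is an assumption to confirm; if it does, pin a release there. Otherwise record the gap on the entry, e.g. `# NOTE: built from the upstream default branch, no pinned revision`.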
@@ -1052,6 +1052,136 @@ profile: DleghUs/mZA7pJPn5LI5lKz+JH/lJEmOx2kaK+2c0+1Hr4KTtQ== =WgeA -----END PGP MESSAGE----- + passkey: + ----------BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/5AQL29kIOUUyM3RsIz3Exc0NwhSmQ6qeDRjzltX6rczK6 + HdMDxi57UoAzf3rT/q/O9OMb9a4vDZaHGduPSLWnwSKXSQj3CUciDfg/sph/abXE + njH08kg/7HqCgvZtWlpbbWJrlmKDefaPc3lOMybE36k/xamcITNSzBwppS0hX1P0 + hMx9ujBCb0DvUQSAGBdcBlvAVxtQ3DTgGZlzy4V459J635w7RbT/Up6fWyWiqGHP + 9nr2Cm5dBANRd/MulBB21yRwvDJ9qb3Bc48hHKdJwAwUOj4e6QpUS3Uw99geKYP9 + P9Gqjxa5BcBI0t5LxShq8kbUUdZaAPzdvuZ2Y9SRYy9lBnNHmki11ZUtLiHyDrNl + GpLJ0o0N1TfRpRJ4s62jGg2RY3g0cgRH7R/niMY6ApnrF8nJgYv1pJ+MsA8J5sjm + oS5ZhUneKM7OmLGnewrxXZBMSMfGGwP81I/qTeRzD8TvZjIYy8O0gQxSmgR1I8Ce + QNkJ0gbWjAS3Nv8KjpJi7r9Ddi5Q/pYy4vYbfwz8BE3HXVF1n/UcRLFuyY9Yl+oF + kaMD2cYwAUXonJyuqxXA0z3uGHlfnNs1sPuboVMJ7PL+1kUzFyXEQT+rPXoGHGOu + HcQ/goFFOnPueL6QsKHarzhnXdL+qJYk3M9aGhfpHTPf+5nwN+DOw/RNGEiyW7gP + /iKJ8DhtM0qyU6A1Y+DZYL/bXYeemBdtui2ZagrpkhAWh7zu75Cwut3C552xGXIB + +KNv9Ki9UvbxVDJmQUK8iDZ987in7L9qqy66tUPLvlH8dixKS4eS7RQtYePc/Zv1 + OgxOU6rXZs+Jq7b2ooUCCKrxLeA/usoDCJw7A8joZ/QHdO4C1rDbmmDl7awH1uyt + 4iOrq12Pp/DQ6Y1rF2DGdIvTG+qVwCvfXeX3gjbNLDgQuISfI6c2gxJV16N27fU8 + x3cik2p8X4AXYfRa/E82k4KTgoi0fkRCIk3v7wMMM5eITYBtdpUn039j6qnioOOm + mN9TjueH+fEN+vvzCJDNu8Pu3U6TEgt8k6ziaNYaJO3Q6dclI5IKbGxjvhodt/dU + rzWp3qI8V5YVhaP1L7ZNwABgBL8zM0HtC05MeTxE4AMBLM9+tkFImAWd6EcTUSEr + e32M/4vBCoZikKXeUFsBuX2CybvRa2Vj99397hVSVYsogL4mfrQdY0suYB/HJTVn + +YPNjm+i6vdpXD8iMYKYtg3Gxb+ltAJ8ay86AL3E28tR8G2FVDwImBcLMUqdsLGW + lah0P/+WcfTk61nYdZdcjkpQIdPFU417J6JJDEOPHKCoVowYYyQC4DIX+JYQDDh5 + RMT2ba2GOWTv1iLJ8LYHfgFX4VvtN9lhLwWfTRsC+fc9hQIMA8amgupjyC8cAQ// + RdIeMs4hPmgIhxOupBPHS9+XKVBiERg/eJh0dbGNlMtSrB9IPLAU7w/DvyO0cTEH + +Y9Lt96qAnNrLPXtzD8LxNAOVPE6n6y5ntbhanvk3p36895sdHPMgWtEho/Dozni + tpTUbEYGSW3BT+C3GBB9uyXSV/aTnz8aPTNWVVvqYqT6I8hU8HwYUp6KWKROKpDD + P6rrUUgwI5m7mpgPeyYvdwnz6rgD6Bo8rcb8Zn2tTgnzUi/FceCZQ01i3skcv4Gt + NmDpnypKQ/u2MXpTXY4og0ayUtyEf1EgUwxwLVM8RiREgjY+Yj2IRYA91cq5k1ln + 
mWtsaCUKW55WX2/qTcVmfrEpECPAZBnaQ/Lemo3GVvYsewNKm8TTbCGKkaR3tVCZ + P2Yn9G9eM0RNwCuIE6URZo5lKsWT4m9q0qbUnB0wfvrvDJjs9X5R241iwlh4zbBl + eD0gyYsyrAOvORT1QvSgiU1ZrfymvDxaiDamhFh9yIz/sGJ/OOY9Dydh2q64Tg3L + 7B6vekK5eYIz+x7CbdM+f+p8QypHigNU+WdPruKaPcnG6YpYZGM9FvphiCMGs4uv + 1boCLarVziLbG33t+oS2CCgPWOmGqSqulISZeBRUqqw43uQvI3LlpdCoGVDoWzqK + tCa2je80WEmXX1ozstIRCUP9oxqH4DJOgP5gdgHu3xaFAQ4DslgfDDfB4G8QA/9b + PNJFwY2EjQf+EoOFD9xtAbSN1Hh4AAIlwrpaXLwygN6aloZcX8NVAvM88VGkvDs+ + JdwZO8e5+GabdU9rT0N19ixwKrVk/KflUaTKU5SMlpFF+PTGzN1hU/tSOHxTTmnF + cd0eRuUD+AtD4TAyDE7rVsIxGu/gyQU3NDGwGW7nfQP6ArTbUT/UICpeQTKZeTLc + fSVnQmFNUeElc9QglsNi+nZe18us2kwTvI9LPxWaQbz3FQ7JfJCUOei7nW60vfox + 8lUPE4+hGW1eDIZxyPC6ObUaQLycq5pOnVHMge3uffodTF7J/BMkGBfVlOBCI81T + t9G3jBiSHWSUdWoHLvqFuVOFAg4DiLcKbyvsTOYQCACNEglOO2T32C0vEy4qUkSt + eNa/fGxkH3ZbHHoJYfZ2sPQVzeA1kPxytcKlaBqUeL4pPSLeEw5KLQdltTXcxUxs + qXLxJ3tBJ5cm1xzr9FF8i5i7umi7HNZsiT1Rp6gZnxP9I9a1+C2YIM5zvFyJCZbH + CzorB3jngCh6PzY7Mxx5At2GTvg8LoRhkIQTgadCHCbnNgBrrbWefXihoIXXqt+T + 19HWHDYzpyR7ZS2ijiQXn2BlHPtJDBJYkWBiiBQil4uGbdKqjUqfjvml00JrACjN + h/mnQVHzru7fD4xNLV/Tmg2xy++nTs0zXte4w4H/08cPIzNr3l6DyOh8EtcxCu3j + CACHQkA5tDAoMGd2nE4HL32EyRFkbQs4JHxpTgZLEGYFejRVsFmUTwFRSPWDasSj + Bvm+nWSYfkB2PFU8iCrqUDrHJVPyYQZ2+Xet5dI09cC8hl0c3Mxxd9+YwZExbq1R + /l5LhRXw78re8inBDR/hmS534GllBbgk+t1fqqL61LGgxNlG7ImNXinr0Jn5K/5B + ovRzHCsuvrib0MMH65S85tqZkPzXW1onSOFTI1SGYrbLvJ/HmEVmgQ6iEJqYr+x0 + nWHrdobZmedk2uTIarYz0qDKTfpWjH5EHe+b8N4RrfphPeCZVvN3sK381dYdqThP + nuEPLvlPAWnQlML4jSQ04PnThQIMA3GiBwULdMTdAQ/+IMkypZ6w6OFUgn8h6jg+ + W6utlD95GUpsfFfHEG9GuuvFZRfovisne/m4oelkM13eViWbmrim9iKpuiyS/SDI + i8JkawKuzhigvfM81U2mheqSija3bOro+cgk1+BhZgCuWPGd6MmtpRC0VywZAJWb + mQaqc9L5yaUczVyaRavNhyRbBBJN4e5JbDkek9UD+U+BgqEc2cvDTOZD4WhiePNU + XUWGgkXyhN8GwkjKFZlli8KbFrK0BFlqbeXBHaE3LQb5mHkJp9sgg6ORvEF9gPFE + tGCta4Ko+nwPfmvfY5LVdwyt/p+tyOf+uEotZ7RETihzqCDeV/imcCRfne4AYsxR + H4F3G7T3Ombb7lOEQv3zbWKLuUnIoUuIWvbbw1pJEUwvq7aJbWSbA+LNjyNr58hE + 
VlvHZdD2IyLR3QlntgKKAmAgmyyRSXFkGIGxnHm8a3kbvQS6bSK+hz6xxG6wYCFT + A/kIxbjXqap2ZQOg1rMAHRdNS7U42CUBnGs0OxFN7HGt/a8QlRPYUKLFJ7nP4bF/ + Srs2HSSntmzzY489GpnuZSDs0oXjANKxvAVkcNIBv+RSvIKzQSvITZC2m5OFw7XC + Yx567rfhmQZOkpYI6fq6VBFKqBcNSmOTxMw8wwm2INJrFWpc+mkjGrQl6yGIZBTS + Nqa/6eYUz8Hd72CXnw57PzWFAgwDrPDOChusaZEBD/9C00CyqoAY+Ff6fbXCE0YT + 31vMf6I95y98qpy03TpHXx79d/Oa3PQIVDsWwnrFbAtUxwCgofzRWqLUa66by4Mo + nMTwsXxlW3T8YuAKnJ9kmUHau3wgTSbLlD64t9Q0jCMC0N1UDYLUicwey/LDSowy + /PnSxfQDcxkouMAoX0lYQ9s8+Xd1anhnxZ/jMa8XXc+t7rEPV2iB6GfhZB8/4sz/ + Wdtclqr4noZ+o30AOhLsU4YvsRPacRzFmqSzlMZZr2C/HGE8NND/YAqloTFCzKkU + e6Z57PqaK0l30vjOo1Gw8UwwRmFVnDS/0opCfrCfWguJevGJ4sxLGjJ3u3T80Ea9 + h2OX17/UBFUwfRbZFVej4jyk70UqTXqpA4ub6vGObgRnthsZqSWfl2dQSTAktIHO + AyseLe+m00hpHIfZbHwmb2BRsVbM0r1vwbGVzE8XdQJ1N6j4joPkJ6sq9Ot7xfc2 + lXUwRNH6AOFUrX/nHcx0Mc6KoBnGuO1pJw5/A0q3cHPVeG5QH4G/QzqngRiLxleE + 5/AmwpvR6CLuQmz+/ZeVYuISd4+qB/uq4ibTRICOBZJUlh/3tOIeqlTQK7wANNPR + lnubmYPo/23nI/LYXiZ3aN1i2vflHeQemBBKIku+dCRLfmVZaSnscbkCPHWRQUMI + 6bmulkr3uGqLE6TRwKqXKNLqAa/7Ydyu8HJitVSXIcO9nA+zFLALBEKYn6NWWAdj + AZVcg3i0S1x/F+SsfIEq5ddOn8VFqVvHaB9vSt8zsypb3UrA606wnlnnuePcT680 + 2t8FO68U31HE4ZcfqatXqw4mXUazGiR+oEbCMhob8XWgey9zrzkBq+JgJMijhsFf + hq9mv5JRv0uo9hL2ZG0Fpw5t4RvFU/o8bpFGC1kvBLfSrgL5TFG5rRRyQGwfdmVb + wVLWT4NewFTqhcMT2CWWPGAAuocQRy4Eb6erlx2GQP1WzVQHnY2eeRr6BK57eTUL + HoTa5iJvMi4pvX71gljmg62ZDPBC7iU9EuomhGL6R7WAuhctH3xmORN/92Jfpe0Q + NGy8DWkaeURn1b9BFM88TNMLDFcTsB1eUaepZ8QMMPh2T2yXtT8A8wKtD0Q+X226 + bAsGuYPj59uRsJp2Yftlx5LpEwh9LDsFKzHMNBCzHdpXd/Y1XBkPJXLbWl8SvatO + AXob5vzd1xOiTx5xouYjAJy1yKq7vyBYZ0FxKhwHQLMUr+sn1SgGEN47mUlVRb2o + 98bwzvihgKwwdmn26jmqdeDNqwLs76Dy7IEo7aQsGrW4+qFynzECvCmTKgSaQ37h + VnfnpKG3vx1v3AV6hNgsR2Ta7LlGAJt3f9WaHdOV20xDMM4SFjxLH31SZ1k8Mq4V + dAQKUFF9wbhaIkvMOOLHyFS7QOQh8bMT0q2d3TMcRZS59mOXKd4wnDjFjXPFgS3W + n9NLWPnvhf6MAr1+FBexAcNJ7624I8kKicT9hS2wt9ZcXfb20yMQYkYgKwJQc5A0 + 05G/Gzcx7jiU8KjCX7ufZ1oy4oSieV1PWh6yW7VoYszGx8GRdix++E1N9hxHJlQB + 
0wV5eVeDJQRpacsIur/j5ZKjSOD1svgFlAWh6sPooX36VZLMj++/5k0vtzAk8tOu + +d9ZjQuO1Sadl/pBHmdjNuJGhoimvMadVKecg8h6ZSjEJzdLAXt5Bnu9ooemVKGQ + UMS9WpEBKoj2jr3CWKeoULL01DinrHkgO47Ae8OI1E/GczcdDxYMnqD4P6pw1AeY + xGTL3zfHTTNjJuW1bFFHDPLBpa/fyCo2FAX9EJ4d7rQebZxOZVSr3R0HW7ALNsvT + rSzJVgDMJZZth4CKZtZ5GCQkhl92QTSpeetWfiVyPuu4DcFmfKp7iW7qyZCEGEpM + Lb9xrgQVCYX0XhVTEnzHUhZlF7Sf0X7iYymTGBiyT8o3Vq63BEdttEyzw3R++qnl + F4ZAlTJGozYjdWXda0loXQ9OY802jrAbwFDToWUQ/DGbpeO3HJH49jFnpF2JL3lA + WHTYvgmtI3/++8H7qHWscjCW8vEVEnln43Vc1QWTe+EM8+qOjQwwufF903Ui4U68 + +bqI+Fk/9W+dpCkZNDPQUd8bpn2jWrTHuy59Htcv2bcysY6fFdu5hCmkEVrQFjiN + NpyBLnAEBuaOT2UkeiJ01spKJ58U8r6IE8D01ALpT1HpJmFqpY1cAdcKP4m0GgUL + cQxqe4pag+vy30S1tBrCmM8rRQ12+Tam53uTkXgHH8jPg32y+zDQHozEXqq9I5ic + SIjzB/BCROYNaAL8DuJ1QoG12MNaoo5teDthA+MSQ/Em2+tuBTYtoCQyipMGQr3s + tbertPyCmPrZ8JjOY5Dfhcv+lI1zhBXnyo2oGwcY57Bx5LtHdn+YSqM18fccqSZJ + Jm5diDa8gwOxLcRq/drclI8On0OkspHhAo+vtf7A2WqaMkcN7KgLHvDD6z2Vba9p + l2MyQiGrO3oEviurTIlrAHSFKC0CaZuobZafkUiqF+WMcT94Gt4txmr+/nVh1dP1 + Acy7/8vIi8is02eEZwbrGwERJLnZcsj12d+4KjnkNCdNKbNMAhfsooenlxurWmby + nwlLnR4NUgbUko9Ke2tt01+TkJxJikyXAmuopBTk5UlpRUSl5nwgAqq62hSSXHDO + eWyQ+9Lw7TUlg3HImZSASQXhF4W78D4Jze++rgTsoWEIAGy+GjV8VrQ57bpSTBMM + uia8bciGmn2mbFWgVvGH0ibgkTJeuO72gQqPGjOV9TMAaPp3Ep0pZ0nqdfwd2BNp + /EFXiz+vHpT7F73NIXNdqD3rDXfk0vxP6zgvM0D0jbFDgrJE9xR/pOZYBUJhGA1c + tnnfKAn5DXKiTgonHVW7dbmujIfk4y9Anc/eXWTCs6GAz1js2a3G3OLEEg7K8OWD + oaO+qowvmBf6NEG7O+zXAwTIxLOIMBeUfbYfK0sDZUmh1dBqvRxblehZU36fhlNy + yi57mTT2e4or2r2pj5RK6Mn0ycGevTsw9J7Ur3DKuaxuyX/Zr4Zv//mOrqywG/sS + JNgqqBxHxOBiRccxrg/gfN4OKwmkz6JPMoQHezs8/UMGT0q0ELACPi4ZY3hPjDFM + h/xku+vD05Ne7Bv+F+Qxst6GODHo76vAP9mQUn2FzRd2omgU6abuJNvBICTng/Lm + AM/SDHSd5Zvf+od/PyESk/ehCocmFGjdhyrM0i32EOUDD9TEESuJFvTML/ugplhj + AuH1Zly5fFTM1hMCKGUnNFeAa1iFxrNjCQTKxiJllWZXkiMsRM1u8gsaAp1hP1sn + P+30XPDN0aps+kNQEwPhjPuclaTP61ft4v7nM9kvIWO26rkqMGj+j2Tpv+Y04mhW + Eozm6lD838k2h/TWFHs/AlBu+PZy8F8NBVx7C+NBQv4fARaAKek6zOcDiq9xjdZZ + 
Hz5D6We8+5849J34KVmZTEy/i536vVrOAdcWellMVNaahHcsqppbTjxhtr8eRfcr + zo+kqEDgAL/HjHjB6rh68ympLalE8OEsb8SVPBolVk47JHijpbhuKx/YS2zdPe0M + H6FNPZbbGNrXQtFDZrRZrGPkyYW9aM11TaI8bRWzWqsJ5crzaRMRta+kRKiX49Wp + P3pZpAlUbhDwi09GxJiZCob7wJ50ZiMz5WeEVDrutCibcVv57/MKdHvi7tZ0Sl/t + nkQRrVjqIu7fJp6MyfztcqIAC3PPJygzcrKwxUqZaekHB7PUbhLZJLLZBJloH+WI + UkyqT18kYZVbF0JUmYZkpoXPbu9Nu5WNW0qvXUJUyVq1nuyQIPF61MQyTxajPD4p + pY27dm14z/4/0HRr4gSkdOz6qTr7VP3m5I1t+Q3gVqLc4okoTfTU/YlJXlOMEERI + OhwwHWcJMgnxpFoBzVnwNxgoZIVfc2TkjinwQ+rs/y5uDaMW3/C4ikYDPGG/x5V5 + 3mLH0v2msMh5RVF2AF4liUQSGMpVg5RO4izRjLNCBCe5kTntB8p28/fpKaEITL5S + BPasYiiCtUmMYJ4xuHGkFhXLkn2Emjof5xJH+a55zs+chLHIkuoyNlfl7Rs2xhy6 + 5o6nV0LGzo57zPrm/yMPR1xDih2LAA/TeqXxBlntkAZbs4lmCUwLt1s4JgbvEA== + =yoy4 + -----END PGP MESSAGE----- telegram: appservice_token: | -----BEGIN PGP MESSAGE----- diff --git a/salt/profile/matrix/appservice.sls b/salt/profile/matrix/appservice.sls index f057210..5f73f17 100644 --- a/salt/profile/matrix/appservice.sls +++ b/salt/profile/matrix/appservice.sls @@ -4,9 +4,9 @@ appservice_pgks: pkg.installed: - pkgs: - git - - nodejs12 - - nodejs12-devel - - npm12 + - nodejs + - nodejs-devel + - npm - nodejs-common - make - gcc @@ -108,14 +108,9 @@ synapse_appservice_{{ dir }}_file: - service: {{ dir }}_service {% endfor %} -webhook_database_file: +/var/lib/matrix-synapse/webhook/passkey.pem: file.managed: - - name: /var/lib/matrix-synapse/webhook/config/database.json - - source: salt://profile/matrix/files/webhook-database.json + - contents_pillar: profile:matrix:appservices:webhook:passkey + - mode: 640 - user: synapse - - require: - - file: /var/lib/matrix-synapse/webhook - - require_in: - - service: webhook_service - - watch_in: - - module: webhook_restart + - group: synapse diff --git a/salt/profile/matrix/dimension.sls b/salt/profile/matrix/dimension.sls index c65bc45..89ac7a1 100644 --- a/salt/profile/matrix/dimension.sls +++ b/salt/profile/matrix/dimension.sls 
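Review bot: The added `passkey:` value does not match the other encrypted entries in this file: as rendered here it has no `|` block-scalar indicator and its armor header reads `----------BEGIN PGP MESSAGE-----` (ten dashes), while the neighbouring entry uses `appservice_token: |` followed by `-----BEGIN PGP MESSAGE-----`. Without the block scalar YAML folds the armor lines, and the extra dashes are not part of a valid armor header, so decryption is likely to fail or leave stray characters in front of the key. Either outcome would put an unusable `passkey.pem` on the host. The opening should read `passkey: |` and `-----BEGIN PGP MESSAGE-----`; rendering the pillar once on a test minion would confirm it.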
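Review bot: `/var/lib/matrix-synapse/webhook/passkey.pem` carries the bridge's private key but is written with `- mode: 640`; owner and group are both `synapse`, so `- mode: '0600'` loses nothing and keeps the key owner-only. Adding `- show_changes: False` would keep the key material out of state diffs and job returns. The replacement state also drops the old `require` on `/var/lib/matrix-synapse/webhook` and the `watch_in` on `webhook_restart`, so the key may be managed before its directory exists and a rotated key would not restart the bridge. Whether another state covers that ordering is not visible in this hunk.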
@@ -1,10 +1,3 @@ -dimension_pgks: - pkg.installed: - - pkgs: - - nodejs10 - - nodejs10-devel - - npm10 - /var/lib/matrix-synapse/dimension: file.directory: - user: synapse diff --git a/salt/profile/matrix/files/appservice-webhook.yaml b/salt/profile/matrix/files/appservice-webhook.yaml index cd5669f..289b677 100644 --- a/salt/profile/matrix/files/appservice-webhook.yaml +++ b/salt/profile/matrix/files/appservice-webhook.yaml @@ -4,7 +4,7 @@ as_token: {{ pillar['profile']['matrix']['appservices']['webhook']['appservice_t namespaces: users: - exclusive: true - regex: '@_webhook.*:opensuse\.org' + regex: '@_webhook_.+:opensuse\.org' group_id: '+webhook:opensuse.org' aliases: [] rooms: [] diff --git a/salt/profile/matrix/files/appservice.service b/salt/profile/matrix/files/appservice.service index a27c334..1eb75e5 100644 --- a/salt/profile/matrix/files/appservice.service +++ b/salt/profile/matrix/files/appservice.service @@ -9,7 +9,6 @@ RestartSec=3600 User=synapse Group=synapse WorkingDirectory=/var/lib/matrix-synapse/{{ dir }}/ -Environment="NODE_VERSION=12" Environment="WEBHOOKS_USER_STORE_PATH=/data/matrix/webhook/user-store.db" Environment="WEBHOOKS_ROOM_STORE_PATH=/data/matrix/webhook/room-store.db" Environment="NODE_ENV=production" diff --git a/salt/profile/matrix/files/config-telegram.yaml b/salt/profile/matrix/files/config-telegram.yaml index 19c3714..71dc07c 100644 --- a/salt/profile/matrix/files/config-telegram.yaml +++ b/salt/profile/matrix/files/config-telegram.yaml @@ -14,7 +14,8 @@ homeserver: # If set, the bridge will make POST requests to this URL whenever a user's Telegram connection state changes. # The bridge will use the appservice as_token to authorize requests. status_endpoint: - + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: # Application service host/registration related details # Changing these values requires regeneration of the registration. 
@@ -32,18 +33,16 @@ appservice: # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s max_body_size: 1 - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. + # The full URI to the database. SQLite and Postgres are supported. # Format examples: # SQLite: sqlite:///filename.db # Postgres: postgres://username:password@hostname/dbname database: postgresql://{{ pillar['profile']['matrix']['database_user'] }}:{{ pillar['postgres']['users']['matrix']['password'] }}@{{ pillar['profile']['matrix']['database_host'] }}/telegram_bridge - # Optional extra arguments for SQLAlchemy's create_engine + # Additional arguments for asyncpg.create_pool() or sqlite3.connect() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect + # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. database_opts: {} - - # Public part of web server for out-of-Matrix interaction with the bridge. - # Used for things like login if the user wants to make sure the 2FA password isn't stored in - # the HS database. public: # Whether or not the public-facing endpoints should be enabled. enabled: false @@ -73,12 +72,6 @@ appservice: bot_displayname: Telegram bot_avatar: mxc://opensuse.org/FPGLmCfsZtwRHKeRITyGvtoQ - # Community ID for bridged users (changes registration file) and rooms. - # Must be created manually. - # - # Example: "+telegram:example.com". Set to false to disable. - community_id: +telegram:opensuse.org - # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. 
@@ -103,8 +96,6 @@ manhole: # If empty, any UIDs can be specified in the open-manhole command. whitelist: - 0 - -# Bridge config bridge: # Localpart template of MXIDs for Telegram users. # {userid} is replaced with the user ID of the Telegram user. @@ -134,7 +125,6 @@ bridge: - full name - username - phone number - # Maximum length of displayname displayname_max_length: 100 # Remove avatars from Telegram ghost users when removed on Telegram. This is disabled by default # as there's no way to determine whether an avatar is removed or just hidden from some users. If @@ -188,7 +178,6 @@ bridge: # Servers to always allow double puppeting from double_puppet_server_map: example.com: https://example.com - # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth # @@ -199,7 +188,6 @@ bridge: # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: example.com: foobar - # Set to false to disable link previews in messages sent to Telegram. telegram_link_preview: true # Whether or not the !tg join command should do a HTTP request # to resolve redirects in invite links. @@ -209,6 +197,8 @@ bridge: inline_images: true # Maximum size of image in megabytes before sending to Telegram as a document. image_as_file_size: 10 + # Maximum number of pixels in an image before sending to Telegram as a document. Defaults to 1280x1280 = 1638400. + image_as_file_pixels: 1638400 # Maximum size of Telegram documents in megabytes to bridge. max_document_size: 100 # Enable experimental parallel file transfer, which makes uploads/downloads much faster by 
@@ -224,31 +214,24 @@ bridge: # Format to which animated stickers should be converted. # disable - No conversion, send as-is (gzipped lottie) # png - converts to non-animated png (fastest), - # gif - converts to animated gif, but loses transparency + # gif - converts to animated gif # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support target: webm # Arguments for converter. All converters take width and height. - # GIF converter takes background as a hex color. args: width: 256 height: 256 - fps: 30 - - # Overrides for base power levels. + fps: 30 # only for webm and gif (2, 5, 10, 20 or 25 recommended) + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled allow: false # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false - # Database for the encryption data. Currently only supports Postgres and an in-memory - # store that's persisted as a pickle. - # If set to `default`, will use the appservice postgres database - # or a pickle file if the appservice database is sqlite. - # - # Format examples: - # Pickle: pickle:///filename.pickle - # Postgres: postgres://username:password@hostname/dbname + # Database for the encryption data. If set to `default`, will use the appservice database. database: default # Options for automatic key sharing. key_sharing: 
@@ -282,6 +265,10 @@ bridge: # Same as above for archived chats, the low priority tag is `m.lowpriority`. archive_tag: # Whether or not mute status and tags should only be bridged when the portal room is created. + # Should leaving the room on Matrix make the user leave on Telegram? + bridge_matrix_leave: true + # Should the user be kicked out of all portals when logging out of the bridge? + kick_on_logout: true tag_only_on_create: true # Settings for backfilling messages from Telegram. backfill: @@ -326,19 +313,13 @@ bridge: # List of user IDs for whom the previous flag is flipped. # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but # notices from users listed here will be bridged. - # exceptions: - # - "@importantbot:example.com" - - # Some config options related to Telegram message deduplication. - # The default values are usually fine, but some debug messages/warnings might recommend you - # change these. - deduplication: - # Whether or not to check the database if the message about to be sent is a duplicate. - pre_db_check: false - # The number of latest events to keep when checking for duplicates. - # You might need to increase this on high-traffic bridge instances. - cache_queue_length: 20 + exceptions: + - '@telegrambot:opensuse.org' + # An array of possible values for the $distinguisher variable in message formats. + # Each user gets one of the values here, based on a hash of their user ID. + # If the array is empty, the $distinguisher variable will also be empty. + relay_user_distinguishers: [🟦, 🟣, 🟩, ⭕️, 🔶, ⬛️, 🔵, 🟢] # The formats to use when sending messages to Telegram via the relay bot. # Text msgtypes (m.text, m.notice and m.emote) support HTML, media msgtypes don't. # 
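Review bot: The two options added in the `@@ -282,6 +265,10 @@` hunk land between the existing comment `# Whether or not mute status and tags should only be bridged when the portal room is created.` and the `tag_only_on_create: true` key it documents. That comment now reads as if it described `bridge_matrix_leave`, and `tag_only_on_create` is left with no comment of its own. Moving the `bridge_matrix_leave` and `kick_on_logout` comment/key pairs below `tag_only_on_create: true` would put each comment directly over its key again.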
@@ -346,6 +327,7 @@ bridge: # $sender_displayname - The display name of the sender (e.g. Example User) # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $distinguisher - A random string from the options in the relay_user_distinguishers array. # $message - The message content message_formats: m.text: '$sender_displayname: $message' @@ -391,6 +373,21 @@ bridge: # The prefix for commands. Only required in non-management rooms. command_prefix: '!tg' + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: Hello, I'm a Telegram bridge bot. + # Sent when joining a management room and the user is already logged in. + welcome_connected: Use `help` for help. + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: Use `help` for help or `login` to log in. + # Optional extra text sent when joining a management room. + additional_help: '' + + # Send each message separately (for readability in some clients) + management_room_multiple_messages: false + # Permissions for using the bridge. # Permitted values: # relaybot - Only use the bridge via the relaybot, no access to commands. @@ -434,8 +431,6 @@ bridge: whitelist: # - myusername # - 12345678 - -# Telegram config telegram: # Get your own API keys at https://my.telegram.org/apps api_id: {{ pillar['profile']['matrix']['telegram']['api_id'] }} diff --git a/salt/profile/matrix/files/config-webhook.yaml b/salt/profile/matrix/files/config-webhook.yaml index 17cb3bc..f7e901a 100644 --- a/salt/profile/matrix/files/config-webhook.yaml +++ b/salt/profile/matrix/files/config-webhook.yaml 
@@ -1,37 +1,168 @@ -# Configuration specific to the application service. All fields (unless otherwise marked) are required. -homeserver: - # The domain for the client-server API calls. - url: "https://matrix.opensuse.org" - - # The domain part for user IDs on this home server. Usually, but not always, this is the same as the - # home server's URL. - domain: "opensuse.org" - -# Configuration specific to the bridge. All fields (unless otherwise marked) are required. -webhookBot: - # The localpart to use for the bot. May require re-registering the application service. - localpart: "_webhook" - - # Appearance options for the Matrix bot - appearance: - displayName: "Webhooks" - avatarUrl: "https://static.opensuse.org/chat/integrations/webhook.png" # webhook icon - -# Provisioning API options -provisioning: - # Your secret for the API. Required for all provisioning API requests. - secret: '{{ pillar['profile']['matrix']['appservices']['webhook']['secret'] }}' - -# Configuration related to the web portion of the bridge. Handles the inbound webhooks -web: - hookUrlBase: 'https://webhook.opensuse.org' - +bridge: + # Basic homeserver configuration + # + domain: opensuse.org + url: http://localhost:8008 + mediaUrl: https://matrix.opensuse.org + port: 9002 + bindAddress: 127.0.0.1 +# github: +# # (Optional) Configure this to enable GitHub support +# # +# auth: +# # Authentication for the GitHub App. +# # +# id: 123 +# privateKeyFile: github-key.pem +# webhook: +# # Webhook settings for the GitHub app. +# # +# secret: secrettoken +# oauth: +# # (Optional) Settings for allowing users to sign in via OAuth. +# # +# client_id: foo +# client_secret: bar +# redirect_uri: https://example.com/bridge_oauth/ +# defaultOptions: +# # (Optional) Default options for GitHub connections. +# # +# showIssueRoomLink: false +# hotlinkIssues: +# prefix: "#" +# userIdPrefix: +# # (Optional) Prefix used when creating ghost users for GitHub accounts. 
+# # +# _github_ +# gitlab: +# # (Optional) Configure this to enable GitLab support +# # +# instances: +# gitlab.com: +# url: https://gitlab.com +# webhook: +# secret: secrettoken +# publicUrl: https://example.com/hookshot/ +# userIdPrefix: +# # (Optional) Prefix used when creating ghost users for GitLab accounts. +# # +# _gitlab_ +# figma: +# # (Optional) Configure this to enable Figma support +# # +# publicUrl: https://example.com/hookshot/ +# instances: +# your-instance: +# teamId: your-team-id +# accessToken: your-personal-access-token +# passcode: your-webhook-passcode +# jira: +# # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com) +# # +# webhook: +# # Webhook settings for JIRA +# # +# secret: secrettoken +# oauth: +# # (Optional) OAuth settings for connecting users to JIRA. See documentation for more information +# # +# client_id: foo +# client_secret: bar +# redirect_uri: https://example.com/bridge_oauth/ +generic: + # (Optional) Support for generic webhook events. + #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments + # + # + enabled: true + urlPrefix: https://webhook.opensuse.org/ + userIdPrefix: _webhook_ + allowJsTransformationFunctions: false + waitForComplete: false +feeds: + # (Optional) Configure this to enable RSS/Atom feed support + # + enabled: true + pollIntervalSeconds: 600 +# provisioning: +# # (Optional) Provisioning API for integration managers +# # +# secret: "!secretToken" +passFile: + # A passkey used to encrypt tokens stored inside the bridge. 
+ # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate + # + passkey.pem +bot: + # (Optional) Define profile information for the bot user + # + displayname: Hookshot Bot + avatar: mxc://opensuse.org/tsHUCwVqIxqvuxmLrSDsMUgA +metrics: + # (Optional) Prometheus metrics support + # + enabled: false +# queue: +# # (Optional) Message queue / cache configuration options for large scale deployments +# # +# monolithic: true +# port: 6379 +# host: localhost logging: - file: /var/log/matrix-synapse/webhook/webhook.log - console: true - consoleLevel: info - fileLevel: verbose - writeFiles: true - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 + # (Optional) Logging settings. You can have a severity debug,info,warn,error + # + level: info + colorize: true + json: false + timestampFormat: HH:mm:ss:SSS +# widgets: +# # (Optional) EXPERIMENTAL support for complimentary widgets +# # +# addToAdminRooms: false +# disallowedIpRanges: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 192.0.0.0/24 +# - 169.254.0.0/16 +# - 192.88.99.0/24 +# - 198.18.0.0/15 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - ::1/128 +# - fe80::/10 +# - fc00::/7 +# - 2001:db8::/32 +# - ff00::/8 +# - fec0::/10 +# roomSetupWidget: +# addOnInvite: false +# publicUrl: http://example.com/widgetapi/v1/static +# branding: +# widgetTitle: Hookshot Configuration +permissions: + # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help + # + - actor: "*" + services: + - service: "*" + level: commands + - actor: "@hellcp:opensuse.org" + services: + - service: "*" + level: admin +listeners: + # (Optional) HTTP Listener configuration. + # Bind resource endpoints to ports and addresses. + # 'port' must be specified. Each listener must listen on a unique port. 
+ # 'bindAddress' will default to '127.0.0.1' if not specified, which may not be suited to Docker environments. + # 'resources' may be any of webhooks, widgets, metrics, provisioning + # + - port: 9005 + bindAddress: 127.0.0.1 + resources: + - webhooks diff --git a/salt/profile/matrix/files/dimension.service b/salt/profile/matrix/files/dimension.service index 65318e2..09b8369 100644 --- a/salt/profile/matrix/files/dimension.service +++ b/salt/profile/matrix/files/dimension.service @@ -9,7 +9,6 @@ RestartSec=3600 User=synapse Group=synapse WorkingDirectory=/var/lib/matrix-synapse/dimension/ -Environment="NODE_VERSION=10" Environment="NODE_ENV=production" ExecStart=/usr/bin/node build/app/index.js diff --git a/salt/profile/matrix/files/telegram.service b/salt/profile/matrix/files/telegram.service deleted file mode 100644 index e7e40a3..0000000 --- a/salt/profile/matrix/files/telegram.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Matrix Appservice Telegram - -[Service] -Type=simple -Restart=on-failure -RestartSec=3600 - -User=synapse -Group=synapse -WorkingDirectory=/var/lib/matrix-synapse/telegram/ -ExecStart=/usr/bin/python3 -m mautrix_telegram -c config.yaml -r telegram-registration.yaml -b /etc/mautrix-telegram/example-config.yaml - -[Install] -WantedBy=multi-user.target diff --git a/salt/profile/matrix/files/worker.yaml b/salt/profile/matrix/files/worker.yaml index c890856..075ca8a 100644 --- a/salt/profile/matrix/files/worker.yaml +++ b/salt/profile/matrix/files/worker.yaml @@ -10,7 +10,7 @@ worker_listeners: port: {{ port }} resources: - names: - {%- if resources %} + {%- if resources|length %} {%- for resource in resources.items() %} - {{ resource }} {%- endfor %} @@ -19,8 +19,10 @@ worker_listeners: - federation {%- endif %} +{%- if config|length %} {% for setting, value in config.items() %} {{ setting }}: {{ value }} {% endfor %} +{%- endif %} worker_log_config: /etc/matrix-synapse/worker-log.yaml 
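Review bot: In the new `permissions` block the first entry is `- actor: "*"` with `service: "*"` at `level: commands`, which as written applies to users from any federated homeserver, not only opensuse.org accounts. If bridge commands are meant for local users only, scope that entry to the domain with `- actor: opensuse.org` and keep the separate admin entry as is. The only admin actor is a single personal account, `@hellcp:opensuse.org`; a comment saying who else should hold that level would help the next maintainer.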
diff --git a/salt/profile/matrix/files/workers.nginx b/salt/profile/matrix/files/workers.nginx index e8a7044..9ad9e34 100644 --- a/salt/profile/matrix/files/workers.nginx +++ b/salt/profile/matrix/files/workers.nginx @@ -10,6 +10,7 @@ upstream {{ app }}_{{ loop.index }} { {%- endfor %} } +{%- if type.get('rest')|lenght %} {%- for uri in type.get('rest') %} location ~ {{ uri }} { proxy_pass http://{{ app }}_{{ loop.index }}$request_uri; @@ -17,6 +18,7 @@ location ~ {{ uri }} { proxy_set_header Host $host; } {% endfor %} +{% endif %} {% endfor %} {% endfor %} diff --git a/salt/profile/matrix/synapse.sls b/salt/profile/matrix/synapse.sls index 8e26bb3..314567d 100644 --- a/salt/profile/matrix/synapse.sls +++ b/salt/profile/matrix/synapse.sls @@ -18,15 +18,15 @@ synapse_systemd_override: synapse_systemd_file: file.managed: - - name: /etc/systemd/system/matrix-synapse.taget + - name: /etc/systemd/system/matrix-synapse.target - source: salt://profile/matrix/files/synapse.target - require_in: - service: synapse_service synapse_worker_systemd_file: file.managed: - - name: /etc/systemd/system/matrix-synapse-worker@.taget - - source: salt://profile/matrix/files/synapse@.target + - name: /etc/systemd/system/matrix-synapse-worker@.service + - source: salt://profile/matrix/files/synapse@.service - require_in: - service: synapse_service diff --git a/salt/profile/matrix/telegram.sls b/salt/profile/matrix/telegram.sls index c234d41..b24e64d 100644 --- a/salt/profile/matrix/telegram.sls +++ b/salt/profile/matrix/telegram.sls 
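Review bot: The guard added in the first workers.nginx hunk, `{%- if type.get('rest')|lenght %}`, misspells the filter name. Jinja has no `lenght` filter, so the template fails to compile and no worker vhost configuration is rendered. Even spelled `length`, the filter raises when `type.get('rest')` returns `None`; a plain truthiness test covers both the missing and the empty case: `{%- if type.get('rest') %}`. The matching `{% endif %}` in the second hunk is fine as written.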
@@ -5,30 +5,12 @@ telegram_pgks: # Required for webm for stickers - ffmpeg-3 -/var/lib/matrix-synapse/telegram: - file.directory: - - user: synapse - -/var/log/matrix-synapse/telegram: - file.directory: - - user: synapse - -/var/lib/matrix-synapse/telegram/alembic: - file.symlink: - - target: /usr/share/alembic - -/var/lib/matrix-synapse/telegram/alembic.ini: - file.symlink: - - target: /etc/alembic/alembic.ini - telegram_conf_file: file.managed: - - name: /var/lib/matrix-synapse/telegram/config.yaml + - name: /etc/mautrix-telegram/config.yaml - source: salt://profile/matrix/files/config-telegram.yaml - template: jinja - user: synapse - - require: - - file: /var/lib/matrix-synapse/telegram - require_in: - service: telegram_service - watch_in: @@ -36,12 +18,10 @@ telegram_conf_file: telegram_appservice_file: file.managed: - - name: /var/lib/matrix-synapse/telegram/telegram-registration.yaml + - name: /etc/mautrix-telegram/registration.yaml - source: salt://profile/matrix/files/appservice-telegram.yaml - user: synapse - template: jinja - - require: - - file: /var/lib/matrix-synapse/telegram - watch_in: - module: telegram_restart @@ -50,29 +30,12 @@ synapse_appservice_telegram_file: - name: /etc/matrix-synapse/appservices/appservice-telegram.yaml - source: salt://profile/matrix/files/appservice-telegram.yaml - template: jinja - - require: - - file: /var/lib/matrix-synapse/telegram - watch_in: - module: telegram_restart -telegram_systemd_file: - file.managed: - - name: /etc/systemd/system/telegram.service - - source: salt://profile/matrix/files/telegram.service - - require_in: - - service: telegram_service - -telegram_database_migration: - cmd.run: - - name: alembic upgrade head - - cwd: /var/lib/matrix-synapse/telegram/ - - runas: synapse - - require_in: - - service: telegram_service - telegram_service: service.running: - - name: telegram + - name: mautrix-telegram - enable: True - require: - service: synapse_service 
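Review bot: `telegram_conf_file` now writes `/etc/mautrix-telegram/config.yaml` with `user: synapse` but no `mode` or `group`, so a newly created file typically ends up world-readable. The template it renders embeds the Postgres password in the `database:` URI, so the state should add `- mode: '0640'` (or `'0600'`). The same applies to `/etc/mautrix-telegram/registration.yaml` in the next hunk, if it carries the appservice tokens as the webhook registration does. The unit now appears to come from the `mautrix-telegram` package, so confirm the account it runs as can still read files owned by `synapse`. With the `require` on the old directory removed, these states also rely on the package having created `/etc/mautrix-telegram`.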
@@ -80,7 +43,7 @@ telegram_service: telegram_restart: module.wait: - name: service.restart - - m_name: telegram + - m_name: mautrix-telegram - require: - service: synapse_service - service: telegram_service